CVE-2024-34352

Exploit

EPSS 2.44%
Veröffentlicht 14.05.2024 15:38:43
Zuletzt bearbeitet 07.02.2025 02:44:20
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

1Panel is an open source Linux server operation and maintenance management panel. Prior to  v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol `>` can be used to achieve arbitrary file writing. This vulnerability is fixed in  v1.10.3-lts.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fit2cloud ≫ 1panel Version < 1.10.3-lts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.44%	0.847

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-34352

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34352

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34352

EUVD